diff options
Diffstat (limited to 'init')
-rw-r--r-- | init/Kconfig | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/init/Kconfig b/init/Kconfig index e16d9e587cee..14b3d8422502 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1752,6 +1752,24 @@ config SYSTEM_TRUSTED_KEYRING Keys in this keyring are used by module signature checking. +config SYSTEM_DATA_VERIFICATION + def_bool n + select SYSTEM_TRUSTED_KEYRING + select KEYS + select CRYPTO + select ASYMMETRIC_KEY_TYPE + select ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select PUBLIC_KEY_ALGO_RSA + select ASN1 + select OID_REGISTRY + select X509_CERTIFICATE_PARSER + select PKCS7_MESSAGE_PARSER + help + Provide PKCS#7 message verification using the contents of the system + trusted keyring to provide public keys. This then can be used for + module verification, kexec image verification and firmware blob + verification. + config PROFILING bool "Profiling support" help @@ -1860,16 +1878,7 @@ config MODULE_SRCVERSION_ALL config MODULE_SIG bool "Module signature verification" depends on MODULES - select SYSTEM_TRUSTED_KEYRING - select KEYS - select CRYPTO - select ASYMMETRIC_KEY_TYPE - select ASYMMETRIC_PUBLIC_KEY_SUBTYPE - select PUBLIC_KEY_ALGO_RSA - select ASN1 - select OID_REGISTRY - select X509_CERTIFICATE_PARSER - select PKCS7_MESSAGE_PARSER + select SYSTEM_DATA_VERIFICATION help Check modules for valid signatures upon load: the signature is simply appended to the module. For more information see |